List: cgpsa-discuss@mail.tffenterprises.com, message #4219
From: John DeYoung <john@techsuperpowers.com>
Subject: Re: [CGPSA] sh: su: command not found - in cgpsa.err
Date: Thu, 18 Oct 2012 09:18:25 -0400
To: CGPSA Discussion List <cgpsa-discuss@mail.tffenterprises.com>

hi again everybody -

just a quick summary, for those who weren't able to sleep at night not knowing if we'd gotten a handle on our apparent su attempts.  a real nail-biter, i know.

anyway, the best i was able to work out was that the su attempts were definitely related to either cgpsa or spamassassin.  i ran a quick diff on our cgpsa install vs. a fresh download and found nothing unexpected there, so i figured it must be further up the line.

i ultimately reinstalled spamassassin, and the messages stopped.  i don't love that, but i do like that we're now definitely clean.  

thanks,
-john.

On Oct 16, 2012, at 12:50 AM, Daniel M. Zimmerman wrote:

>
>
> --On 15 October 2012 15:36:19 -0400 John DeYoung <john@techsuperpowers.com> wrote:
>
>> hi everyone -
>>
>> i don't check it very often, but today i watched the entries in cgpsa.err
>> fly by for a bit (i redirect stdout).  as i watched, several lines went
>> by saying "sh: su: command not found" - which naturally got my attention.
>
> Understandable.
>
>> the messages are ongoing, but have a clear beginning point in the
>> cgpsa.err file.  there's no date/time entry associated with anything in
>> that file, so i can't pinpoint when it started, but it's clearly new.
>>
>> soo…i'm at a loss as to where i should even look to find what part of
>> the equation might be looking for root - does anyone have any ideas where
>> i might start?  i can't come up with any legitimate reason for this to be
>> happening, obviously, so i'd like to get to the bottom of it.
>
> Well, cgpsa as shipped definitely does not execute any shell commands, never mind an "su"; it does spawn additional perl processes if you're running it multithreaded, but that's done with fork().
>
> It sounds to me like maybe your copy of cgpsa has been altered in some way. Either that, or some other process is also dumping logs to cgpsa.err for some reason.
>
> -Dan
>
> ------------------------------------------------------------------
> Daniel M. Zimmerman                                TFF Enterprises
> 1900 Commerce St. Box 358426   http://www.tffenterprises.com/~dmz/
> Tacoma, WA  98402  USA                      dmz@tffenterprises.com
>
> -----
> This message is from the CGPSA Mailing List.
> To unsubscribe, E-mail to: <cgpsa-discuss-off@mail.tffenterprises.com>.

--
John DeYoung
Tech Superpowers, Inc.
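
The install-versus-fresh-download comparison mentioned in the message above, as an added example (not part of the original thread and not code from cgpsa or spamassassin): a POSIX shell function that lists files that are modified, missing, or extra relative to a pristine copy. The function names and both directory arguments are assumptions made for this illustration.

```shell
#!/bin/sh
# Usage: sh compare_trees.sh INSTALLED_DIR REFERENCE_DIR
# Both directory arguments are placeholders: the live install and an
# unpacked fresh download of the same version.

# tree_report INSTALLED REFERENCE
# Prints one line per difference, comparing file contents byte for byte:
#   MODIFIED  present in both trees, contents differ
#   MISSING   in the reference, absent from the install
#   EXTRA     in the install, absent from the reference
# Ownership and permission bits are not compared.
tree_report() {
    installed=$1
    reference=$2
    # Pass 1: every reference file must exist, unchanged, in the install.
    (cd "$reference" && find . -type f) | sort | while IFS= read -r f; do
        if [ ! -f "$installed/$f" ]; then
            printf 'MISSING  %s\n' "$f"
        elif ! cmp -s "$reference/$f" "$installed/$f"; then
            printf 'MODIFIED %s\n' "$f"
        fi
    done
    # Pass 2: report files that exist only in the install.
    (cd "$installed" && find . -type f) | sort | while IFS= read -r f; do
        [ -f "$reference/$f" ] || printf 'EXTRA    %s\n' "$f"
    done
}

# compare_trees INSTALLED REFERENCE
# Returns 0 when the trees match; otherwise prints the report and returns 1.
compare_trees() {
    report=$(tree_report "$1" "$2")
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Run as a script only when both directories are given.
if [ "$#" -eq 2 ]; then
    compare_trees "$1" "$2"
fi
```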
